0
我設法通過Active Directory驗證創建了MVC5 Web應用程序。但我想限制只有特定用戶登錄到應用程序。我怎樣才能做到這一點?mvc 5僅限受限用戶使用登錄進行Active Directory身份驗證
是否有可能我可以插入到具有受限用戶的表AspNetUser,然後只允許這些用戶登錄到網站。
我設法通過Active Directory驗證創建了MVC5 Web應用程序。但我想限制只有特定用戶登錄到應用程序。我怎樣才能做到這一點?mvc 5僅限受限用戶使用登錄進行Active Directory身份驗證
是否有可能我可以插入到具有受限用戶的表AspNetUser,然後只允許這些用戶登錄到網站。
像我用你可以添加一個過濾器:(此過濾器按組)
public class AuthorizeADAttribute : AuthorizeAttribute
{
private readonly IUserProfileRepository _userProfileRepository;
/// <summary>
/// this comes from the web.config
/// </summary>
public string Groups { get; set; }
/// <summary>
/// Override the authorization routine to check if this user is part of 'AllowedOUs' (web.config key; comma delimited)
/// </summary>
/// <param name="httpContext"></param>
/// <returns></returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (base.AuthorizeCore(httpContext))
{
/* Return true immediately if the authorization is not
locked down to any particular AD group */
if (String.IsNullOrEmpty(Groups))
return true;
// Get the AD groups
var groups = Groups.Split(',').ToList();
// Verify that the user is in the given AD group (if any)
var context = new PrincipalContext(
ContextType.Domain,
WebConfigurationManager.AppSettings["AllowedDomain"]);
var userPrincipal = UserPrincipal.FindByIdentity(
context,
IdentityType.SamAccountName,
httpContext.User.Identity.Name);
try
{
foreach (var group in groups)
{
if (userPrincipal.IsMemberOf(context,
IdentityType.Name,
group))
{ return true; }
}
}
catch //(Exception ex)
{
// not in group
// will fail through to non-authorized page
// can log 'hack' attempts if necessary
}
}
return false;
}
/// <summary>
/// redirect on failure
/// </summary>
/// <param name="filterContext"></param>
protected override void HandleUnauthorizedRequest(
AuthorizationContext filterContext)
{
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
{
var result = new ViewResult();
result.ViewName = "NotAuthorized";
result.MasterName = "_Layout";
filterContext.Result = result;
}
else
base.HandleUnauthorizedRequest(filterContext);
}
}
,然後在任何類/方法,佈置相應:
[AuthorizeAD(Groups = "Implementation Development")]
public class UserProfileController : Controller
{...
是廣告裏你的服務器?您是使用身份驗證還是Windows身份驗證? –